Accessibility

Security bulletin

Content Protection in Flash Media Server

Release date: November 17, 2008

CVE number: CVE-2008-5109

Vulnerability identifier: APSA08-11

Summary

Service packs for Flash Media Server (3.0.3 and 3.5.1) adds new RTMP security measures enabled with Flash Player 10,0,22 and AIR 1.5.1 for streaming media delivery. Customers using Flash Media Server 3.0.3 and 3.5.1 should utilize RTMPE or RTMPTE (the tunneled version) combined with SWF Verification to provide maximum content protection. These updates also address issues previously disclosed in Security Advisory APSA08-06.

Affected software versions

Flash Media Server 3.5, Flash Media Server 3.0.

Solution

Adobe recommends Flash Media Server administrators install the Flash Media Server 3.5.1 or 3.0.3 update

Details

For more information on using RTMPE or RTMPTE and SWF Verification, Flash Media Server 3.0 customers can consult the following updated TechNote.

Revisions

February 26, 2008 – Advisory updated with information on Flash Media Server 3.5.1 and 3.0.3 updates
December 4, 2008 – Advisory updated with information on SWF Verification
November 17, 2008 – Advisory first created